When necessary, LogScale can be configured to prevent queries from executing. There are many scenarios in which you might block a single query or a pattern that matches many queries. For instance, a query pattern may use a large portion of the system's resources, a particular query may be known to be used for malicious purposes (e.g., searching for secrets), or a log line may contain information that should never be searched.
Blocks can be added by defining the following conditions:
- Based on a regular expression, using the standard LogScale regular expression mechanics.
- Based on an exact matching query, explicitly matching the defined string.
- Either against a specific repository or all repositories.
Figure 17. Query Administration Blocklist
The list of currently blocked queries is shown in the Blocklist page and includes the following:
- The string or regular expression of the query that is blocked.
- Whether the block is based on an
- When the block expires.
- The view or repository to which the block applies.
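The block conditions and blocklist fields described above, modelled as an added example that is not LogScale code. The names `Block` and `is_blocked` are hypothetical, the entries and queries are constructed, and the model assumes that an exact block compares the literal query string, that a regex block may match anywhere in the query text, and that Python's `re` stands in for the LogScale regular expression engine.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional


@dataclass(frozen=True)
class Block:
    pattern: str                 # query string or regular expression
    is_regex: bool               # True: regex block, False: exact-match block
    repo: Optional[str]          # None means the block applies to all repositories
    expires: Optional[datetime]  # None means the block never expires


def is_blocked(query: str, repo: str, now: datetime,
               blocklist: List[Block]) -> Optional[Block]:
    """Return the first block that applies to this query, or None."""
    for block in blocklist:
        if block.expires is not None and now >= block.expires:
            continue  # expired blocks no longer apply
        if block.repo is not None and block.repo != repo:
            continue  # block is scoped to a different repository
        if block.is_regex:
            # Assumption: the pattern may match anywhere in the query text.
            if re.search(block.pattern, query):
                return block
        elif query == block.pattern:
            # Exact blocks match only the literal string that was defined.
            return block
    return None


UTC = timezone.utc
NOW = datetime(2024, 1, 1, tzinfo=UTC)

# Constructed blocklist: one exact block, one regex block on all
# repositories, and one regex block that expired before NOW.
BLOCKLIST = [
    Block("* | groupBy(field=[a, b, c])", False, "app-logs", None),
    Block(r"(?i)\bapi[_-]?key\b", True, None, None),
    Block(r"^\s*\*\s*\|\s*sort\(", True, "app-logs",
          datetime(2023, 12, 1, tzinfo=UTC)),
]

if __name__ == "__main__":
    for q, r in [("* | groupBy(field=[a, b, c])", "app-logs"),
                 ("*  | groupBy(field=[a, b, c])", "app-logs"),
                 ("API_KEY=* | count()", "web-logs")]:
        print(repr(q), r, "->", is_blocked(q, r, NOW, BLOCKLIST))
```

In this model the second query differs from the exact block only by one extra space and is not blocked, which is why a regular expression is the better fit when the goal is to cover a pattern that matches many queries.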